Using bzr in a centralized, controlled fashion
Michael B. Trausch
mbt at zest.trausch.us
Sun Oct 25 22:24:06 GMT 2009
I have a client that wants to use bzr in the following manner:
* There is a dedicated storage area on the server for storing shared
repositories (/srv/bzr) and projects/branches are stored using the
convention /srv/bzr/$PROJECT_NAME/$BRANCH_NAME.
* This dedicated storage area should be read/write to a bzr smart
server, and users should have no direct access (read or write) to
the repositories.
* The repositories contain private software, and should only be
accessible by people based on their credentials.
My thought was to use bzr+ssh. However, I'm not sure how that would
work for multiple users. If you have users "a" and "b" on the system,
and they both can write to /srv/bzr/privateProject/trunk (or anything
else, for that matter) in terms of policy, how does that map into the
way bzr works? AIUI, the smart server runs with the UID and privileges
of the calling user, so the resulting new files and the like would be
owned by that user. What I'd like is the ability for bzr to run as its
own user, say even just "bzr", and it be the only thing that has access
to these things.
I suppose what I'm looking for is really a smart server with
authentication and authorization capability, but I don't think that is
available yet, is it?
--- Mike
--
Blog: http://mike.trausch.us/blog/
Misc. Software: http://mike.trausch.us/software/
“The greater danger for most of us lies not in setting our aim too
high and falling short; but in setting our aim too low, and achieving
our mark.” —Michelangelo
More information about the bazaar
mailing list